2009-04-02, 09:31
Thought it worth highlighting this change set since there are so few security-related patches and no mechanism to alert users globally.
Questions on this problem/patch should NOT be posted in this thread.
Changeset 19126
Timestamp: 04/01/2009 03:31:16 PM
Author: AlTheKiller
Message:
fixed: Several remote exploits in the webserver/httpapi. (Huge thanks to n00b for the security audit and PoC code!)
disabled: Database access via httpapi until a denial of service (seg fault) can be resolved.
!!ATTENTION!! It is recommended that all users DISABLE the XBMC web server entirely in settings > network > servers if they are using a revision prior to this one. This is especially the case if you're doing something extremely stupid like running XBMC on a privileged account or exposing the XBMC web server to the internet.